Difference between pages "Blackberry Forensics" and "GRR"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Protocol Submission by Matt Levendoski)
 
(Workshops)
 
Line 1: Line 1:
== Acquiring BlackBerry Backup File (.ipd) ==
+
{{Infobox_Software |
 +
  name = Rekall |
 +
  maintainer = [[Darren Bilby]] and others |
 +
  os = {{Cross-platform}} |
 +
  genre = {{Incident response}} |
 +
  license = {{APL}} |
 +
  website = [https://code.google.com/p/grr/ code.google.com/p/grr/] |
 +
}}
  
1. Open Blackberry’s Desktop Manager<br/>
+
GRR is an Incident Response Framework focused on Remote Live Forensics.
2. Click “Options” then “Connection Settings” <br/>
+
[[Image:4.JPG]]<br/>
+
4. Select “USB-PIN: 2016CC12” for connection<br/>
+
[[Image:1.JPG]]<br/>
+
5. Click “Detect”, then it should show a dialog box saying it found the device<br/>
+
6.      Click "OK" to return to the main menu<br/>
+
7. Double click “Backup and Restore”<br/>
+
[[Image:2.JPG]]  <br/>
+
8. Save the .ipd file<br/>
+
[[Image:3.JPG]]<br/>
+
  
== Opening Blackberry Backup Files (.ipd) ==
+
= See also =
1. Purchase Amber BlackBerry Converter from [http://www.processtext.com/abcblackberry.html]
+
* [[rekall]]
<br>Or
+
<br>Download Trial Version
+
<br><br>2. Use File | Open and point the program to the BlackBerry backup file (.ipd).
+
<br><br>3. Navigate to the appropriate content by using the navigator icons on the left.
+
  
== Blackberry Simulator ==
+
= External Links =
 +
* [https://code.google.com/p/grr/ Project site]
 +
* [https://code.google.com/p/grr/wiki/ProjectFAQ Project FAQ]
 +
* [http://grr.googlecode.com/git/docs/index.html Documentation]
  
This is a step by step guide to downloading and using a Blackberry simulator. For this example I downloaded version 4.0.2 in order to simulate the 9230 series.
+
== Publications ==
 +
* [http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/37237.pdf Distributed forensics and incident response in the enterprise], by [[Michael Cohen]], [[Darren Bilby]], G. Caronni. Digital Investigation, 2011.
 +
* [https://googledrive.com/host/0B9hc84IflFGbN2IwMTUyYTUtMTU0Mi00ZWQ3LWFhNDktM2IyMTg5MmY3OWI0/Hunting%20in%20the%20Enterprise:%20Forensic%20Triage%20and%20Incident%20Response Hunting in the enterprise: Forensic triage and incident response], by [[Andreas Moser], [[Michael Cohen]], Digital Investigation, 2013.
  
1. Select a simulator to download from the drop-down list on the [https://www.blackberry.com/Downloads/entry.do?code=060AD92489947D410D897474079C1477]Blackberry website. Click ''Next''.
+
== Presentations ==
 +
* [https://googledrive.com/host/0B1wsLqFoT7i2N3hveC1lSEpHUnM/Docs/GRR%20Rapid%20Response%20-%20OSFC%202012.pdf OSDFC 2012 GRR Overview], by [[Darren Bilby]]
  
2. Look through the list and download BlackBerry Handheld Simulator v4.0.2.51.
+
== Workshops ==
 
+
* [https://drive.google.com/?usp=chrome_app#folders/0B1wsLqFoT7i2eU1jU0JldW9JUU0 OSDFC workshop 2013], by [[Darren Bilby]]
3. Enter your proper user credentials and click ''Next'' to continue.
+
 
+
4. On the next page, reply accordingly to the eligibility prompt and click ''Next'' to continue.*
+
 
+
5. Agree or disagree to the SDK agreement and click ''Submit'' to continue.*
+
 
+
6. The next page will provide you with a link to download the .ZIP file containing the wanted simulator.
+
 
+
* - If you disagree at any of these point you will not be able to continue to the download.
+
 
+
 
+
== Blackberry Protocol ==
+
http://www.off.net/cassis/protocol-description.html
+
 
+
Here is a useful link to the Blackberry Protocol as documented by Phil Schwan, Mike Shaver, and Ian Goldberg. The article goes into great description of packet sniffing and the protocol as it relates to data transfer across a USB port.
+

Revision as of 14:20, 12 January 2014

Rekall
Maintainer: Darren Bilby and others
OS: Cross-platform
Genre: Incident Response
License: APL
Website: code.google.com/p/grr/

GRR is an Incident Response Framework focused on Remote Live Forensics.

See also

External Links

Publications

Presentations

Workshops